Pharmaceutical Group Pierre Fabre Fell Victim of REvil Ransomware Attack
The Attackers Initially Demanded a $25 Million Ransom, Doubling the REvil Ransom When the Victim Failed to Respond.
Laboratoires Pierre Fabre is a multinational pharmaceutical and skin cosmetics organization from Castres, France, the second-largest pharmaceutical group in France and the 2nd largest dermo-cosmetics laboratory worldwide.
The group has close to 10.000 workers all over the world, with more than 6000 in France, spread over fifty sites, including 15 main ones in France. Last year, in response to the pandemic they had to adapt and started to focus their efforts on making hydroalcoholic gels and skin lotions for hospitals to help control the spread of COVID-19.
Last week, the pharmaceutical company reported it had been the victim of a cyberattack on the night of Tuesday to Wednesday.
Even though the situation was under control in less than a day, the company had to put its system into standby mode in order to restrain the spread of the virus.
This led to the gradual, temporary stoppage of most production activities (except for the production facility in Gaillac (in the Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products).
Pierre Fabre Affected by REvil Ransomware Attack
When the attack occurred, the company didn’t reveal what type of attack they suffered, but according to Bleeping Computer, the pharmaceutical group was hit by a ransomware attack orchestrated by a hacking group known as REvil/Sodinokibi.
REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation that has extorted vasts sums of money from organizations worldwide over the past year.
Hackers behind RaaS operations count on other cybercriminals known as affiliates to disperse the ransomware for them. Actually, these ransomware developers earn between 20% to 30% of the illegal proceeds while the rest is going to the affiliates who obtain access to corporate networks and install the malware.
Although there is still unknown information about the attack, an important news website recently received a link for a REvil Tor payment page allegedly from the Pierre Fabre ransomware attack.
This shows the attackers initially demanded a $25 million ransom, but the ransom had doubled when the victim failed to respond.
The chat below, meant to scare the firm into paying the ransom, shows a message from the attackers threatening to publish Pierre Fabre’s data.
Pharmaceutical Group Pierre Fabre is only one of the multiple large organizations that fell victims to Revil ransomware attacks over the past month, the most important ones being Acer with a $50 million demand and Asteelflash with a $24 million demand.
There is no further information about the Pierre Fabre Revil ransomware attack at this point, but we will keep you posted.